pap always returns noop for windows dialup authentication

paul trader fliptop at igolinux.com
Mon Sep 23 19:19:04 CEST 2013


eOn Mon, 23 Sep 2013 at 17:52, Phil Mayers opined:

PM:It's difficult to say, because the debug you sent has all the useful 
PM:bits trimmed out - like the original packet, and the full module 
PM:processing chain.

hi phil - ok, here's the full debug for a successful request:

rad_recv: Access-Request packet from host x.x.x.x port 1812, id=37, 
length=133
	User-Name = "test"
	User-Password = "testing"
	User-Password = "testing"
	NAS-IP-Address = x.x.x.x
	NAS-Identifier = "x.x.x.x"
	NAS-Port = 2561
	Acct-Session-Id = "167773864"
	Service-Type = Login-User
	Calling-Station-Id = "xxxxxxxxxx"
	Called-Station-Id = "xxxxxxx"
	NAS-Port-Type = Async
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry test at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "testing"
[pap] Using clear text password "testing"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 37 to x.x.x.x port 1812
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 37 with timestamp +676


and here's the full output of a failed request:

Ready to process requests.
rad_recv: Access-Request packet from host x.x.x.x port 1812, id=35, 
length=121
	User-Name = "test"
	User-Password = "testing"
	NAS-IP-Address = x.x.x.x
	NAS-Identifier = "x.x.x.x"
	NAS-Port = 2561
	Acct-Session-Id = "167773862"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	Calling-Station-Id = "xxxxxxxxxx"
	Called-Station-Id = "xxxxxxx"
	NAS-Port-Type = Async
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting 
the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 35 to 64.214.93.3 port 1812
Waking up in 4.9 seconds.
Cleaning up request 0 ID 35 with timestamp +361

from what i can see, the successful request finds the user's entry in the 
user table, but the failed request doesn't (and uses DEFAULT instead).  
but the usernames passed in seem to be the same.  i don't know, we've used 
freeradius for years and this is the 1st time i'm having a problem.  
weird.

regards, paul


More information about the Freeradius-Users mailing list